Cryptology ePrint Archive: Report 2017/858

Differential Fault Analysis of SHA-3 under Relaxed Fault Models

Pei Luo and Yunsi Fei and Liwei Zhang and A. Adam Ding

Abstract: Keccak-based algorithms such as Secure Hash Algorithm-3 (SHA-3) will be widely used in crypto systems, and evaluating their security against different kinds of attacks is vitally important. This paper presents an efficient differential fault analysis (DFA) method on all four modes of SHA-3 to recover an entire internal state, which leads to message recovery in the regular hashing mode and key retrieval in the message authentication code (MAC) mode. We adopt relaxed fault models in this paper, assuming the attacker can inject random single-byte faults into the penultimate round input of SHA-3. We also propose algorithms to find the lower bound on the number of fault injections needed to recover an entire internal state for the proposed attacks. Results show that on average the attacker needs about 120 random faults to recover an internal state, while he needs 17 faults at best if he has control of the faults injected. The proposed attack method is further extended for systems with input messages longer than the bitrate.

Category / Keywords: cryptographic protocols /

Original Publication (in the same form): Journal of Hardware and Systems Security

Date: received 6 Sep 2017

Contact author: silenceluo at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20170909:213556 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]